IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The validation of the mutual authentication reply produces no further
data to send to the server.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec
is expecting in any case.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
We detect this function at configure time, but it currently fails to
operate the way we need - that is, when the principal is not
specified, it gives this error. When the principal is specified we
get 'wrong principal in request' in the GSS acceptor, so for now the
best option is to fall back to the alternate approach.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
We may not be able to obtain the full error string, so print what we can get.
This is required when the error is the the GSSAPI layer, not the mechanism.
Andrew Bartlett
These come in via the smb_krb5.h include (and lib/replace/system/kerberos.h)
in the end.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue May 10 23:12:31 CEST 2011 on sn-devel-104
This is constant data according to the man pages I find for this
fucntion, and causes a segfault to free() when linked to Heimdal. I
am advised that while it is constant for gss_mech_krb5, it may not be
for other mechanisms, so an assert will ensure this is dealt with by
the programmer who extends this code in future.
Andrew Bartlett
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
This Heimdal function does not set the global state, and allows the
GSSAPI server to progress further when compiled against Heimdal (such
as in the top level build).
The ability to specify a keytab has been removed from the API as it is
unused, and and the Heimdal function (avoiding setting global
variables) works with an open keytab.
Andrew Bartlett